Checkmarx
2024 State of Software Supply Chain Security Report
Pages
14
Time to read
16 mins
Publication
Language
English
This report examines the current state of Software Supply Chain Security (SSCS) and outlines key findings from a survey of 900 Application Security (AppSec) professionals across various regions. It highlights the increasing awareness of SSCS risks: 100% of respondents acknowledged past attacks on their organizations. Despite this awareness, only 7% have implemented dedicated SSCS products, indicating a gap between recognition and action. The report discusses the role of the Software Bill of Materials (SBOM) as a foundational element of SSCS, noting that while many organizations request SBOMs, using them effectively remains a challenge. It also emphasizes the central role of open source software in SSCS, revealing that 75% of respondents are concerned about the security risks associated with it. Finally, it identifies the need for a comprehensive approach to SSCS that integrates tools and methodologies throughout the software development lifecycle (SDLC) so that security measures are strengthened and vulnerabilities are addressed effectively.